3 files changed, 54 insertions, 46 deletions

diff --git a/common/debug.c b/common/debug.c
index cf1bc2f..7a593fc 100644
--- a/common/debug.c
+++ b/common/debug.c
@@ -30,6 +30,9 @@
 #include <stdint.h>
 #include <stdlib.h>
 #include <time.h>
+#ifndef _WIN32
+#include <sys/time.h>
+#endif
 
 #include "src/idevice.h"
 #include "debug.h"
@@ -51,27 +54,31 @@ void internal_set_debug_level(int level)
 #ifndef STRIP_DEBUG_CODE
 static void debug_print_line(const char *func, const char *file, int line, const char *buffer)
 {
-        char *str_time = NULL;
-        char *header = NULL;
+        char str_time[24];
+#ifdef _WIN32
+        SYSTEMTIME lt;
+        GetLocalTime(&lt);
+        snprintf(str_time, 24, "%02d:%02d:%02d.%03d", lt.wHour, lt.wMinute, lt.wSecond, lt.wMilliseconds);
+#else
+#ifdef HAVE_GETTIMEOFDAY
+        struct timeval tv;
+        struct tm *tp;
+        gettimeofday(&tv, NULL);
+#ifdef HAVE_LOCALTIME_R
+        struct tm tp_;
+        tp = localtime_r(&tv.tv_sec, &tp_);
+#else
+        tp = localtime(&tv.tv_sec);
+#endif
+        strftime(str_time, 9, "%H:%M:%S", tp);
+        snprintf(str_time+8, 10, ".%03d", (int)tv.tv_usec/1000);
+#else
         time_t the_time;
-
         time(&the_time);
-        str_time = (char*)malloc(255);
-        strftime(str_time, 254, "%H:%M:%S", localtime (&the_time));
-
-        /* generate header text */
-        if(asprintf(&header, "%s %s:%d %s()", str_time, file, line, func)<0){}
-        free (str_time);
-
-        /* trim ending newlines */
-
-        /* print header */
-        fprintf(stderr, "%s: ", header);
-
-        /* print actual debug content */
-        fprintf(stderr, "%s\n", buffer);
-
-        free (header);
+        strftime(str_time, 15, "%H:%M:%S", localtime (&the_time));
+#endif
+#endif
+        fprintf(stderr, "%s %s:%d %s(): %s\n", str_time, file, line, func, buffer);
 }
 #endif
 
diff --git a/common/userpref.c b/common/userpref.c
index 48bcfcb..76945e1 100644
--- a/common/userpref.c
+++ b/common/userpref.c
@@ -29,13 +29,18 @@
 #include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
+#include <errno.h>
+
 #ifdef HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
-#ifndef WIN32
+#include <dirent.h>
+#ifndef _WIN32
 #include <pwd.h>
-#endif
 #include <unistd.h>
+#include <libgen.h>
+#include <sys/stat.h>
+#endif
 #include <usbmuxd.h>
 #if defined(HAVE_OPENSSL)
 #include <openssl/bn.h>
@@ -64,12 +69,7 @@
 #error No supported TLS/SSL library enabled
 #endif
 
-#include <dirent.h>
-#include <libgen.h>
-#include <sys/stat.h>
-#include <errno.h>
-
-#ifdef WIN32
+#ifdef _WIN32
 #include <shlobj.h>
 #endif
 
@@ -77,6 +77,7 @@
 #define ETIMEDOUT 138
 #endif
 
+#include <libimobiledevice/libimobiledevice.h>
 #include <libimobiledevice-glue/utils.h>
 
 #include "userpref.h"
@@ -93,7 +94,7 @@ const ASN1_ARRAY_TYPE pkcs1_asn1_tab[] = {
 };
 #endif
 
-#ifdef WIN32
+#ifdef _WIN32
 #define DIR_SEP '\\'
 #define DIR_SEP_S "\\"
 #else
@@ -103,7 +104,7 @@ const ASN1_ARRAY_TYPE pkcs1_asn1_tab[] = {
 
 #define USERPREF_CONFIG_EXTENSION ".plist"
 
-#ifdef WIN32
+#ifdef _WIN32
 #define USERPREF_CONFIG_DIR "Apple"DIR_SEP_S"Lockdown"
 #else
 #define USERPREF_CONFIG_DIR "lockdown"
@@ -113,7 +114,7 @@ const ASN1_ARRAY_TYPE pkcs1_asn1_tab[] = {
 
 static char *__config_dir = NULL;
 
-#ifdef WIN32
+#ifdef _WIN32
 static char *userpref_utf16_to_utf8(wchar_t *unistr, long len, long *items_read, long *items_written)
 {
         if (!unistr || (len <= 0)) return NULL;
@@ -155,7 +156,7 @@ const char *userpref_get_config_dir()
         if (__config_dir)
                 return __config_dir;
 
-#ifdef WIN32
+#ifdef _WIN32
         wchar_t path[MAX_PATH+1];
         HRESULT hr;
         LPITEMIDLIST pidl = NULL;
@@ -419,7 +420,7 @@ static int _mbedtls_x509write_crt_set_basic_constraints_critical(mbedtls_x509wri
  *
  * @return 1 if keys were successfully generated, 0 otherwise
  */
-userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_data_t public_key)
+userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_data_t public_key, unsigned int device_version)
 {
         userpref_error_t ret = USERPREF_E_SSL_ERROR;
 
@@ -484,7 +485,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
                 X509_set_pubkey(root_cert, root_pkey);
 
                 /* sign root cert with root private key */
-                X509_sign(root_cert, root_pkey, EVP_sha1());
+                X509_sign(root_cert, root_pkey, (device_version < IDEVICE_DEVICE_VERSION(4,0,0)) ? EVP_sha1() : EVP_sha256());
         }
 
         /* create host certificate */
@@ -517,7 +518,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
                 X509_set_pubkey(host_cert, host_pkey);
 
                 /* sign host cert with root private key */
-                X509_sign(host_cert, root_pkey, EVP_sha1());
+                X509_sign(host_cert, root_pkey, (device_version < IDEVICE_DEVICE_VERSION(4,0,0)) ? EVP_sha1() : EVP_sha256());
         }
 
         if (root_cert && root_pkey && host_cert && host_pkey) {
@@ -609,7 +610,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
                 X509_add_ext_helper(dev_cert, NID_key_usage, (char*)"critical,digitalSignature,keyEncipherment");
 
                 /* sign device certificate with root private key */
-                if (X509_sign(dev_cert, root_pkey, EVP_sha1())) {
+                if (X509_sign(dev_cert, root_pkey, (device_version < IDEVICE_DEVICE_VERSION(4,0,0)) ? EVP_sha1() : EVP_sha256())) {
                         /* if signing succeeded, export in PEM format */
                         BIO* membp = BIO_new(BIO_s_mem());
                         if (PEM_write_bio_X509(membp, dev_cert) > 0) {
@@ -661,7 +662,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
         gnutls_x509_crt_set_ca_status(root_cert, 1);
         gnutls_x509_crt_set_activation_time(root_cert, time(NULL));
         gnutls_x509_crt_set_expiration_time(root_cert, time(NULL) + (60 * 60 * 24 * 365 * 10));
-        gnutls_x509_crt_sign2(root_cert, root_cert, root_privkey, GNUTLS_DIG_SHA1, 0);
+        gnutls_x509_crt_sign2(root_cert, root_cert, root_privkey, (device_version < IDEVICE_DEVICE_VERSION(4,0,0)) ? GNUTLS_DIG_SHA1 : GNUTLS_DIG_SHA256, 0);
 
         gnutls_x509_crt_set_key(host_cert, host_privkey);
         gnutls_x509_crt_set_serial(host_cert, "\x01", 1);
@@ -670,7 +671,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
         gnutls_x509_crt_set_key_usage(host_cert, GNUTLS_KEY_KEY_ENCIPHERMENT | GNUTLS_KEY_DIGITAL_SIGNATURE);
         gnutls_x509_crt_set_activation_time(host_cert, time(NULL));
         gnutls_x509_crt_set_expiration_time(host_cert, time(NULL) + (60 * 60 * 24 * 365 * 10));
-        gnutls_x509_crt_sign2(host_cert, root_cert, root_privkey, GNUTLS_DIG_SHA1, 0);
+        gnutls_x509_crt_sign2(host_cert, root_cert, root_privkey, (device_version < IDEVICE_DEVICE_VERSION(4,0,0)) ? GNUTLS_DIG_SHA1 : GNUTLS_DIG_SHA256, 0);
 
         /* export to PEM format */
         size_t root_key_export_size = 0;
@@ -768,17 +769,17 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
                         gnutls_x509_crt_set_expiration_time(dev_cert, time(NULL) + (60 * 60 * 24 * 365 * 10));
 
                         /* use custom hash generation for compatibility with the "Apple ecosystem" */
-                        const gnutls_digest_algorithm_t dig_sha1 = GNUTLS_DIG_SHA1;
-                        size_t hash_size = gnutls_hash_get_len(dig_sha1);
+                        const gnutls_digest_algorithm_t dig_sha = (device_version < IDEVICE_DEVICE_VERSION(4,0,0)) ? GNUTLS_DIG_SHA1 : GNUTLS_DIG_SHA256;
+                        size_t hash_size = gnutls_hash_get_len(dig_sha);
                         unsigned char hash[hash_size];
-                        if (gnutls_hash_fast(dig_sha1, der_pub_key.data, der_pub_key.size, (unsigned char*)&hash) < 0) {
-                                debug_info("ERROR: Failed to generate SHA1 for public key");
+                        if (gnutls_hash_fast(dig_sha, der_pub_key.data, der_pub_key.size, (unsigned char*)&hash) < 0) {
+                                debug_info("ERROR: Failed to generate SHA for public key");
                         } else {
                                 gnutls_x509_crt_set_subject_key_id(dev_cert, hash, hash_size);
                         }
 
                         gnutls_x509_crt_set_key_usage(dev_cert, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT);
-                        gnutls_error = gnutls_x509_crt_sign2(dev_cert, root_cert, root_privkey, GNUTLS_DIG_SHA1, 0);
+                        gnutls_error = gnutls_x509_crt_sign2(dev_cert, root_cert, root_privkey, (device_version < IDEVICE_DEVICE_VERSION(4,0,0)) ? GNUTLS_DIG_SHA1 : GNUTLS_DIG_SHA256, 0);
                         if (GNUTLS_E_SUCCESS == gnutls_error) {
                                 /* if everything went well, export in PEM format */
                                 size_t export_size = 0;
@@ -872,7 +873,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
 
         /* sign root cert with root private key */
         mbedtls_x509write_crt_set_issuer_key(&cert, &root_pkey);
-        mbedtls_x509write_crt_set_md_alg(&cert, MBEDTLS_MD_SHA1);
+        mbedtls_x509write_crt_set_md_alg(&cert, (device_version < IDEVICE_DEVICE_VERSION(4,0,0)) ? MBEDTLS_MD_SHA1 : MBEDTLS_MD_SHA256);
 
         unsigned char outbuf[16384];
 
@@ -931,7 +932,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
 
         /* sign host cert with root private key */
         mbedtls_x509write_crt_set_issuer_key(&cert, &root_pkey);
-        mbedtls_x509write_crt_set_md_alg(&cert, MBEDTLS_MD_SHA1);
+        mbedtls_x509write_crt_set_md_alg(&cert, (device_version < IDEVICE_DEVICE_VERSION(4,0,0)) ? MBEDTLS_MD_SHA1 : MBEDTLS_MD_SHA256);
 
         /* write host private key */
         mbedtls_pk_write_key_pem(&host_pkey, outbuf, sizeof(outbuf));
@@ -991,7 +992,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
 
         /* sign device certificate with root private key */
         mbedtls_x509write_crt_set_issuer_key(&cert, &root_pkey);
-        mbedtls_x509write_crt_set_md_alg(&cert, MBEDTLS_MD_SHA1);
+        mbedtls_x509write_crt_set_md_alg(&cert, (device_version < IDEVICE_DEVICE_VERSION(4,0,0)) ? MBEDTLS_MD_SHA1 : MBEDTLS_MD_SHA256);
 
         /* write device certificate */
         mbedtls_x509write_crt_pem(&cert, outbuf, sizeof(outbuf), mbedtls_ctr_drbg_random, &ctr_drbg);
diff --git a/common/userpref.h b/common/userpref.h
index 75bb8b7..9a1832c 100644
--- a/common/userpref.h
+++ b/common/userpref.h
@@ -68,7 +68,7 @@ userpref_error_t userpref_read_pair_record(const char *udid, plist_t *pair_recor
 userpref_error_t userpref_save_pair_record(const char *udid, uint32_t device_id, plist_t pair_record);
 userpref_error_t userpref_delete_pair_record(const char *udid);
 
-userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_data_t public_key);
+userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_data_t public_key, unsigned int device_version);
 #if  defined(HAVE_OPENSSL) || defined(HAVE_MBEDTLS)
 userpref_error_t pair_record_import_key_with_name(plist_t pair_record, const char* name, key_data_t* key);
 userpref_error_t pair_record_import_crt_with_name(plist_t pair_record, const char* name, key_data_t* cert);